Well, I also had this issue for a long time. I resorted to use a firewall to block outside access and pass internal IPs. I first wanted to assign another internal IP to the server so that local users can access and and block outsiders based on that. But OpenLDAP only listens on one IP and I couldn't figure out how to make it listen on other IPs as well. So I ended up doing a special routing for local IPs on the router plus the firewall to prevent connections from Internet. Kind of messy, but works.

Kibo , I am sorry but I just said that firewall is not an option for me . I need external access ( but authenticated access ) . If anyone has figured out how to modify the config files for ldap , please let me know .